Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
898 questions
0 answers
Can't restrict Subscription creation with Azure Policy.
We created the policy that should restrict the creation of new subscription, if it has any or all of the specific tags missing. The policy is not restricting the creation of new subscription but, is marking the subscription "non-compliant"…
asked 2024-10-19T16:17:03.6566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 64%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESJ%3C/text%3E%3C/svg%3E)
Swapnil Jambhulkar
0
Reputation points
asked 2024-10-19T16:17:03.6566667+00:00
Swapnil Jambhulkar
0
Reputation points
1 answer
I have create a azure police with deployeifnotexist effect for ACR network setting but not work expected
{ "properties": { "displayName": "acr-test-new1", "policyType": "Custom", "mode": "Indexed", "description": "test", "metadata": { …
asked 2024-10-19T06:23:34.4766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 52%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
sanjeev sinha
0
Reputation points
answered 2024-10-19T11:40:51.04+00:00
Vinodh247
21,881
Reputation points
2 answers
Custom Policy
Hello Everyone, I would like to get your help regarding to know what could be a json structure to create a Azure policy that will allow me to identify who create the Azure resources on a subscription. Thank you and help will be very helpful.
asked 2024-10-15T17:37:32.1733333+00:00
Cinthia Rodriguez
20
Reputation points
answered 2024-10-19T11:12:00.1033333+00:00
Vinodh247
21,881
Reputation points
2 answers
Powershell Script to Remove Duplicate Assignments
Hi, We have MS Clound Benchmark Definition assigned at 200 scopes/ subscriptions, which we dont need. Im wondering would you guys have some quick direction on how I can remove it from all 200 subscriptions with a single powershell command? Thanks.
asked 2024-10-17T16:05:55.0966667+00:00
YogiBear
170
Reputation points
edited an answer 2024-10-18T18:47:11.8633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 32%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Pavan Minukuri
85
Reputation points Microsoft Vendor
4 answers
One of the answers was accepted by the question author.
How to create a custom policy that shows who create the resources on Azure
Hello Everyone, I would like to get your help regarding to know what could be a json structure to create a Azure policy that will allow me to identify who create the Azure resources on a subscription. Thank you and help will be very helpfull.
asked 2024-10-11T20:27:31.9466667+00:00
Cinthia Rodriguez
20
Reputation points
edited a comment 2024-10-18T16:35:27.6566667+00:00
Cinthia Rodriguez
20
Reputation points
0 answers
Paginate List Query Results For Subscription Level Policy Assignment
Hi everyone, I’m having trouble using this service to get information about policy states. It seems to only return up to 1,000 entries per call, and the @odata.nextLink parameter mentioned in the docs always comes back as null. I tried adjusting the…
asked 2024-10-01T15:44:06.4+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 61%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
Gonzalo Avalos Ribas
0
Reputation points
commented 2024-10-18T13:41:24.2566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 20%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
Pranay Reddy Madireddy
110
Reputation points Microsoft Vendor
0 answers
Availability Sets are not supported in Azure Policy for deploying Azure Monitor Agent.
I have created a Initiative for deploying the Azure Monitor agent on a subscription. The agent is deployed on all the Windows vm's except on the machines in a availability set. The policy I'm using is "Configure Windows virtual machines to run Azure…
asked 2024-09-13T14:38:25.6466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 28.999999999999996%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Radjin Ghisyawan
0
Reputation points
commented 2024-10-17T14:14:08.8066667+00:00
Pranay Reddy Madireddy
110
Reputation points Microsoft Vendor
0 answers
How to disable feature of redirecting all HTTP traffic to HTTPS in azure Web App service using azure policy.
How to disable feature of redirecting all HTTP traffic to HTTPS in azure Web App service using azure policy. Our client is asking for a policy so that if anyone creates Function app or logic App services, by default HTTPS only will configured as off.…
asked 2024-10-17T08:16:53.1866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 39%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGL%3C/text%3E%3C/svg%3E)
Godugu, Loka
0
Reputation points
asked 2024-10-17T08:16:53.1866667+00:00
Godugu, Loka
0
Reputation points
0 answers
Cannot access "Custom deployment" blade in Azure - CORS issue
Every time I try and click "Deploy a custom resource" nothing happens in the Azure portal UI. In my browser's dev tools console I receive this error: "Access to XMLHttpRequest at…
asked 2024-10-07T11:08:13.8533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 89%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
Benjamin Murphy
0
Reputation points
commented 2024-10-16T07:58:43.0333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 7.000000000000001%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIM%3C/text%3E%3C/svg%3E)
Ismail M
0
Reputation points
1 answer
Possible to create a policy that will automatically assign user/group RBAC roles based on tags
Is it possible to create a policy that will automatically assigned users/groups to RBAC roles for an RG based on the tags? If so, can you reference a template for this?
asked 2021-09-28T14:48:24.733+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 11%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
darksaber
6
Reputation points
commented 2024-10-15T17:33:29.79+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 94%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
Jostyn Delgado Segura
0
Reputation points
0 answers
Azure policy does not back up persistent AVD VMs.
We're running into a weird issue. We have two Azure policies, one which adds a tag for any VM, the tag name is "backup" and it sets the value to [true]. Then a second policy is set to backup VMs with a given tag to an existing vault in the…
asked 2024-09-12T15:11:56.0933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 12%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERD%3C/text%3E%3C/svg%3E)
Richard Duane Wolford Jr
216
Reputation points
commented 2024-10-15T08:47:00.51+00:00
Pranay Reddy Madireddy
110
Reputation points Microsoft Vendor
0 answers
Effect of editing custom Azure Policy definition on existing assignments?
I am trying to understand how editing a custom Azure policy definition affects existing assignments but can't find any info on this. Our scenario: We have a custom policy definition for the deployment and configuration of the AMA client on Arc connected…
asked 2024-10-14T15:13:09.56+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 19%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Mark Poole (7805)
0
Reputation points
edited the question 2024-10-14T15:13:58.6666667+00:00
Mark Poole (7805)
0
Reputation points
0 answers
Allow-Access-Control-Origin Error on Web App
Hey everyone. I may be missing something simple, but here's one for you guys! Turning on App Gateway WAF Policy with a custom rule for geo location match. Essentially just to deny any traffic outside of select countries. Without this WAF Policy turned…
asked 2024-09-24T19:45:46.7866667+00:00
Joseph Dutton
135
Reputation points
commented 2024-10-14T13:06:19.9433333+00:00
KapilAnanth-MSFT
46,016
Reputation points Microsoft Employee
0 answers
Azure resource graph query to get all policy definition details which are assigned
Azure has lot of inbuilt policies and few are custom policies.i need an Azure resource graph query to get all policy definition details of only the policies which are assigned
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 71%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Creating a custom Policy Using Azure Resource Selector
Is it possible to create a custom policy or utilize Azure policies to implement a deny resource type policy by using only the resource selector parameters, rather than specifying the actual parameters within the policy without the use of…
asked 2024-10-08T20:26:44.4233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 38%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Seeman, David
20
Reputation points
accepted 2024-10-11T13:48:47.5666667+00:00
Seeman, David
20
Reputation points
0 answers
Use Azure Policy at scale at an MSP
Hi there, I am starting to use Azure Lighthouse and Policy at a MSP. I want to use Azure Policy to manage all the delegated customer subscriptions. It seems that there is no built-in option to just push initiatives and policies to subscriptions in…
asked 2024-10-11T12:08:17.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 56.00000000000001%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL9%3C/text%3E%3C/svg%3E)
LaurentvanMastrigt-9976
20
Reputation points
edited the question 2024-10-11T12:08:36.7066667+00:00
LaurentvanMastrigt-9976
20
Reputation points
2 answers
One of the answers was accepted by the question author.
Applying azure PCI DSS4 regulatory complaince policy for passwords
Hi, I am trying to assign PCI DSS4 Defender for cloud regulatory compliance policy for passwords - Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords- where count is 24 Audit Windows machines that…
asked 2024-04-16T20:23:01.5533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 32%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIS%3C/text%3E%3C/svg%3E)
Ishan Saxena
40
Reputation points
accepted 2024-10-11T09:21:32.5033333+00:00
Ishan Saxena
40
Reputation points
1 answer
One of the answers was accepted by the question author.
How to Enforce a Tag With a Predefined Value
I want an Azure policy in place that requires all new resources to have an "Environment" tag. With that tag I only want there to be three acceptable values: Test, Prod and Dev. If the value doesn't meet the predefined value, it fails…
asked 2024-02-02T18:31:12.1933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 40%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
PhrygianMode
20
Reputation points
edited a comment 2024-10-10T15:21:27.91+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 60%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOA%3C/text%3E%3C/svg%3E)
Oleg Aronov
106
Reputation points
1 answer
One of the answers was accepted by the question author.
Understanding Inconsistent data return for Azure Powershell command Get-AzPolicyDefinition
Hi, I'm encountering inconsistent data return for the Azure Powershell command Get-AzPolicyDefinition. I have a script that obtains compliance reports for Azure Policy Initiatives and I iterate over each compliance item to obtain more information. I'm…
asked 2024-08-07T03:23:24.6333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 35%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Jaswanth G
20
Reputation points
edited the question 2024-10-10T06:39:13.5066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
AnuragSingh-MSFT
21,381
Reputation points
2 answers
Custom Policy for "Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests" is not giving desired result
I have written below Custom Policy to check whether Audit logs are enabled or not for Blob Service. It is not working when i only enable the logs for blob service. My requirement is to check only for blob service. Not for whole Storage account. Below…
asked 2024-08-05T11:01:09.9833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 63%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
shashank rastogi
0
Reputation points
commented 2024-10-10T05:14:15.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 11%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKL%3C/text%3E%3C/svg%3E)
Krzysztof Leśniczak
0
Reputation points